System and method for performing biometric authentication

ABSTRACT

There is described a system and method for performing biometric authentication, preferably voice biometric authentication. The system has a host device such as a mobile phone and a coupled headset device. The headset device is arranged to receive audio, and to cryptographically protect the audio before transmission to the host device for verification and biometric authentication.

The present application is a 371 of International Patent Application No.PCT/GB2018/052803, filed Oct. 1, 2018, which claims priority to U.S.Provisional Patent Application Ser. No. 62/695,913, filed Jul. 10, 2018,each of which is incorporated by reference herein in its entirety.

FIELD

The field of representative embodiments of this disclosure relates tomethods and associated systems for performing biometric authentication,including but not limited to ones concerning voice biometricauthentication.

BACKGROUND

Biometric-based authentication is often used to verify the identity of auser. In addition to well-known biometrics such as finger printidentification, it is also possible to use the voiceprint of a user toidentify the user and to verify secure commands and transactions.

One of the challenges with such biometric-based authentication is theneed to protect such an authentication system against malicious attacks.One possible attack on such authentication systems is to intercept audiodata from a microphone before it reaches the authentication module, andto replace the audio data with malicious commands. In the case ofrelatively insecure links between a host device and a coupled accessory,e.g. a headset device, this can represent a considerable attack vectorfor the entire biometric authentication system.

As a result, there is a need to provide a biometric authenticationsystem having increased robustness to such attacks.

SUMMARY

Accordingly, there is provided a method for performing biometricauthentication for a system having a host device and a coupled headsetdevice, the host device having a biometrics module for performingbiometric authentication, the method comprising the steps of:

-   -   a) receiving audio at a headset device;    -   b) performing a cryptographic protection of the received audio        by performing at least one of cryptographically signing or        encrypting the audio at the headset device to provide protected        audio;    -   c) transmitting the protected audio from the headset device to a        biometrics module at a host device;    -   d) verifying the protected audio by verifying the cryptographic        signature or decrypting the protection audio at the biometrics        module; and    -   e) responsive to said verification, performing a biometric        authentication on the audio at the biometrics module.

The method performs a cryptographic protection process which comprisesencrypting and/or cryptographically signing the audio at the headsetdevice, which can allow for the audio to be later authenticateddownstream of the headset device. Providing such an end-to-endcryptographic protection of the audio data directly from the headsetdevice to the biometrics module ensures that the audio received at thebiometrics module is a secure representation of what was received at theheadset device. Such protection prevents against any malicious attacksor hacks of the audio data via the communications path between theheadset device and the biometrics module, such as malicious modificationor substitution of the audio data in order to subvert the biometricsfunction. It will be understood that the headset device may comprise anysuitable device arranged to receive audio from a user, preferably awearable device, e.g. an audio headset, headphones, earbuds, etc. Itwill also be understood that the host device may comprise any suitabledata processing device provided with a biometrics module for userauthentication, e.g. a mobile phone, a tablet computer, a personalcomputer, etc. It will be understood that the host device and theheadset device will be communicatively coupled with each other, e.g. viaa wired or wireless link between the devices.

It will be further understood that the “audio” of steps (b)-(e) maycomprise a digital version of the audio signal received at the headsetdevice, or the “audio” may comprise data representative of the audiooriginally received. For example, the method may comprise the additionalstep of performing a feature extraction on the received audio, toprovide feature data which is representative of the received audio. Thesubsequent steps of performing a cryptographic protection, transmitting,verifying, and performing a biometric authentication being performed onthe feature-extract-version of the received audio. Suchfeature-extract-version of the received audio may be particularlysuitable for use in various biometric authentication techniques, e.g.ear biometrics.

In a particularly preferred aspect, the received audio comprises speech,which is subsequently authenticated in a voice biometrics authenticationmodule. Additionally or alternatively, the received audio may comprisean acoustic response or an otoacoustic emission from an ear of a user,which is subsequently verified in an ear biometrics authenticationmodule.

Preferably, the step of transmitting comprises:

-   -   establishing a communications link between the headset device        and the biometrics module on the host device; and    -   sending the protected audio from the headset device to the        biometrics module on the host device via said communications        link.

Preferably, the step of establishing a communications link comprisesestablishing a communications link between a cryptographic protectionmodule on the headset and the biometrics module on the host device,which includes a pass-through link via a data processing element of thehost device, e.g. through an Applications Processor of the host device.

As the data link between the headset and the biometrics module of thehost device will likely pass via an Applications Processor (AP) of thehost device, the cryptographic protection of the received audio reducesthe risk of malicious attacks on the audio data as it passes through theAP. Preferably, the communications link comprises an unmodifiedbit-exact data path between the headset and the biometrics module.

In an alternative embodiment, the step of establishing a communicationslink comprises establishing a direct communications link between acryptographic protection module on the headset and the biometrics moduleon the host device, without intervening data processing elements, e.g.without linking through an Applications Processor of the host device.

Such a direct communications link may be using a direct USB interfacebetween the headset and the host device modules.

Preferably, the step of establishing a communications link comprises:

-   -   establishing an asynchronous data path between the headset        device and the biometrics module on the host device.

The use of an asynchronous data path allows for audio data to betransmitted from the headset to the biometrics module faster than inreal time, so that buffered audio data can be instantly transmitted torecover any latency losses, e.g. bring-up latency associated withestablishing the communications link between the headset device and thebiometrics module on the host device.

Preferably, the step of establishing a communications link comprises:

-   -   establishing a wired communications link with an asynchronous        communications protocol, e.g. using USB link with a USB Serial        endpoint type or any suitable wired communications protocol, or    -   establishing a wireless communications link with an asynchronous        communications protocol, e.g. using BlueTooth with RFCOMM        protocol, or any suitable wireless communications protocol.

Preferably, the method comprises the steps of:

-   -   receiving a trigger event at the headset device indicative of a        user interaction,    -   wherein at least one of steps (b)-(e) are performed responsive        to said step of receiving a trigger event.

When the subsequent method steps are dependent on the receipt of atrigger event, accordingly the encryption, communication and subsequentauthentication are performed when required by the system, usually at alow duty cycle resulting in low-power operation. For example,transmission of cryptographically protected audio from a headset deviceto a host device may require establishing a relatively-high-powerwireless communication link between the devices.

Preferably, the step of receiving a trigger event comprises at least oneof the following:

-   -   receiving an indication of a voice keyword detection, from the        headset device and/or from the host device;    -   receiving an indication of a voice activity detection, from the        headset device and/or from the host device; or    -   receiving an indication of a physical user interaction, from the        headset device and/or from the host device.

The physical user interaction may comprise any suitable input signal,e.g. a mechanical button press from a user of the headset or the hostdevice, a capacitive sensor input, an ultrasonic sensor input, aproximity detect, etc.

The method further comprises the steps of:

-   -   buffering the received audio at the headset device; and    -   responsive to receiving a trigger event at the headset device,        performing at least one of steps (b)-(e) on the buffered audio.

Preferably, the step of buffering the received audio is continuouslyperformed. This allows for additional audio data to be stored andaccessed when required, which can aid in authentication and/orsubsequent speech recognition or command recognition. The system may beconfigured to buffer a set duration of audio, e.g. 1 second, 3 seconds,5 seconds, 10 seconds, etc.

In a preferred embodiment, the step of transmitting comprises:

-   -   transmitting the protected buffered audio from the headset        device to the biometrics module at the host device using an        asynchronous data link.

By buffering the received audio which can be transmitted using anasynchronous data transfer, the steps of performing protection andtransmitting can be executed immediately and quicker than real-time, toallow for low latency transmission of the audio data to the host devicefor subsequent verification and biometric identification.

Preferably, the step of performing a cryptographic protection comprises:

-   -   creating a cryptographic digital signature of the received        audio,    -   wherein the step of transmitting comprises transmitting the        received audio with the cryptographic digital signature.

The step of cryptographically signing the received audio may comprise aSymmetric signing of data (e.g. HMAC) or an Asymmetric signing of data(e.g. DSA or ECDSA).

Additionally or alternatively, the step of performing a cryptographicprotection comprises:

-   -   creating an encrypted version of the received audio,    -   wherein the step of transmitting comprises transmitting the        encrypted version of the received audio.

Preferably, the step of performing a cryptographic protection comprisescryptographically signing or encrypting the received audio at theheadset device within a CODEC provided in the headset device.

Preferably, the method comprises the further step of:

-   -   responsive to said voice biometric authentication, initialising        audio playback from the host device to the headset device based        on the result of said voice biometric authentication.

The audio playback may be playback of secure information from the hostdevice to the headset. Additionally or alternatively, the audio playbackmay comprise audio settings specific to an authenticated user (e.g.user-specific playback settings such as treble, bass, ANC, etc.).

In one embodiment, audio playback may be via the same communicationslink established for sending the protected audio from the headset deviceto the biometrics module on the host device.

Preferably, audio playback is via the asynchronous data path between theheadset device and the biometrics module on the host device.Alternatively, audio playback is via a parallel isochronous data pathbetween the headset device and the host device.

In a further aspect of the disclosure, the method comprises the step ofperforming audio processing of the received audio at the headset devicein parallel to steps (b)-(e).

The audio processing can be performed on an unencrypted or unsignedversion of the received audio, parallel to a cryptographic protectionmodule of the headset.

The step of performing audio processing may comprise performing activenoise control at the headset device based on the received audio.

It will be understood that such active noise control may be using anystandard noise control techniques. In one aspect, the active noisecontrol comprises performing noise reduction processing at the headsetdevice on the audio received from the microphone.

Preferably, the method further comprises the step of:

-   -   at the host device, verifying the headset device prior to the        steps of verifying the protected audio at the biometrics module        and performing a voice biometric authentication on the verified        received audio at the biometrics module.

Verifying the headset device ensures that cryptographically protectedaudio is only ever received from a trusted device coupled with the hostdevice.

Preferably, the step of verifying the headset device comprises acryptographic verification of the headset device. Such a cryptographicverification may comprise a public key authentication.

There is also provided a system for performing biometric authenticationarranged to implement the above-described method.

Preferably, the system comprises:

-   -   a host device, the host device comprising a voice biometrics        authentication module; and    -   a headset device coupled with said host device, the headset        device arranged to receive audio comprising speech,    -   wherein the headset device comprises a cryptographic protection        module arranged to perform a cryptographic protection of        received audio, the headset device arranged to transmit the        protected audio from the headset device to the voice biometrics        module at the host device, and    -   wherein the voice biometrics module at the host device is        arranged to verify the protected audio at the biometrics module,        and responsive to said verification, the voice biometrics module        is arranged to perform a voice biometric authentication on the        received audio.

It will be understood that the host device and the headset device may beconfigured to perform alternative biometric authentication, e.g. as partof an ear biometric authentication system.

The headset device may comprise any suitable device arranged to receiveaudio from a user, preferably a wearable device, e.g. an audio headset,headphones, earbuds, an audio pendant, etc.

The host device may comprise any suitable data processing deviceprovided with a biometrics module for user authentication, e.g. a mobilephone, a tablet computer, a personal computer, etc.

It will be understood that the host device and the headset device may becommunicatively coupled with each other, e.g. via a wired or wirelesslink between the devices.

Preferably, the headset device comprises a microphone or other audiotransducer suitable for receiving audio.

There is further provided a headset device for use in the above systemfor performing voice biometric authentication.

There is further provided a host device for use in the above system forperforming voice biometric authentication.

EXAMPLE EMBODIMENTS OF THE PRESENT DISCLOSURE

The description below sets forth example embodiments according to thisdisclosure. Further example embodiments and implementations will beapparent to those having ordinary skill in the art. Further, thosehaving ordinary skill in the art will recognize that various equivalenttechniques may be applied in lieu of, or in conjunction with, theembodiments discussed below, and all such equivalents should be deemedas being encompassed by the present disclosure.

DESCRIPTION

For a better understanding of examples of the present disclosure, and toshow more clearly how the examples may be carried into effect,embodiments will now be described, by way of example only, withreference to the accompanying drawings, in which:

FIG. 1 is an illustrative overview of a system for performing biometricauthentication;

FIG. 2 is an illustrative view of a host device and a headset device;and

FIG. 3 is a process view of a method for performing biometricauthentication.

FIG. 1 illustrates one example of an electronic device 100, such as amobile telephone or tablet computer for example. The electronic device100 may comprise at least one microphone 101 which receives audiocorresponding to detected sounds and provides audio signals to theelectronic device. A microphone 101 of the electronic device 100 mayprovide an analogue microphone audio signal but in some embodiments themicrophone 101 may be a digital microphone that outputs a digitalmicrophone audio signal.

The device 100 is operable, in use, to receive audio signals from atleast one external microphone 102/102 a of an accessory apparatus103/103 a, which may receive audio corresponding to detected sounds atthe accessory 103/103 a. An accessory apparatus 103 may, in someinstances, be removably physically connected to the electronic device100 for audio data transfer, for instance by a connector 104 of theaccessory apparatus making a mating connection with a suitable connector105 of the electronic device, for example via a universal serial buslink (USB). Audio data received from the accessory apparatus comprisesdigital audio data.

An accessory apparatus 103 a may be configured for local wirelesstransfer of audio data from a microphone 102 a of the accessoryapparatus 103 a to the electronic device 100, for instance via awireless module 106 of the electronic device 100. Such wireless transfercould be via any suitable wireless protocol such as WiFi™ or Bluetooth™protocol for example.

Audio data from an on-board microphone 101 of the electronic device 100and/or audio data from a microphone 102/102 a of the accessory apparatus103/103 a may be processed in a variety of different ways depending onthe operating mode or use case of the electronic device 100 at the time.It will be understood that the received microphone audio data may beprocessed by audio processing circuitry which may, for instance comprisean audio codec and/or a digital signal processor (DSP) for performingone or more audio processing functions, for instance to apply gainand/or filtering to the signals, for example for noise reduction.

A control processor 108 of the electronic device, often referred to asan applications processor (AP), may control at least some aspects ofoperation of the electronic device and may determine any furtherprocessing and/or routing of the received audio data. For instance fortelephone communications, the received audio data may be forwarded tothe wireless module 106 for transmission. For audio or video recording,the data may be forwarded for storage in a memory 109. For voice controlof the electronic device 100, the audio data may be forwarded to aspeech recognition module 110 to distinguish voice command keywords.

The device 100 comprises a voice biometric authentication module 111 foranalysing audio data received from microphone 101 and/or 102 anddetermining whether the audio data corresponds to the voice of aregistered user, i.e. for performing speaker recognition.

The voice biometric authentication module 111 receives input audio data,e.g. from the microphone 101, and compares characteristics of thereceived audio data with user-specific reference templates specific to arespective pre-registered authorized user (and maybe, for comparison,also with reference templates representative of a general population).Voice/speaker recognition techniques and algorithms are well known tothose skilled in the art and the present disclosure is not limited toany particular voice recognition technique or algorithm.

The voice biometric authentication module 111 may be activated accordingto a control input conveying a request for voice biometricauthentication, for example from the AP 108. For example, a particularuse case running on the AP 108 may require authentication to wake thedevice 100, or to authorize some command, e.g. a financial transaction.If the received audio data corresponds to an authorized user, the voicebiometric authentication module 111 may indicate this positiveauthentication result, for example by a signal BioOK which is sent tothe AP 108. The AP 108 (or a remote server that has requested theauthentication) may then act on the signal as appropriate, for example,by authorizing some activity that required the authentication, e.g. afinancial transaction. If the authentication result were negative, theactivity, e.g. financial transaction, would not be authorised.

In some embodiments, the voice biometric authentication module 111 maybe enabled by a voice activity event detected, for example, by thetrigger detection or keyword detection module 107 or another dedicatedmodule (not shown). For example, when the device 100 is in a low-powersleep mode, any voice activity may be detected and a signal VAD (voiceactivity detected) communicated to the biometric authentication module111. In the event of a positive user authentication, the signal BioOKmay be used by the AP 108 to alter the state of the device 100 from thelow-power sleep mode to an active mode (i.e. higher power). If theauthentication result were negative, the mode change may not beactivated.

Preferably, there is a signal path 112 for providing audio data directlyfrom a microphone 101 to the voice biometric authentication module 111_([LS1]) for the purposes of voice authentication, the path 112 inaddition to the direct coupling of the microphone 101 to thetrigger/keyword detection module 107. In some embodiments, thetrigger/keyword detection 107 may be provided as part of the voicebiometric authentication module 111. In a particularly preferredembodiment, audio data from microphone 101 of the electronic device 100or from a microphone 102,102 a of an accessory apparatus 103,103 a isprovided to the voice biometric authentication module 111 via the AP 108and/or via the trigger/keyword detection 107 or via a path includingsome other processing modules. While in prior art system such a path maybe open to attack via malicious code present on the AP 108, embodimentsof the present disclosure provide protection against such attackvectors.

While voice biometric authentication module 111 has been illustrated asa separate module in FIG. 1 for ease of reference, it will be understoodthat the voice biometric authentication module 111 may be implemented aspart of or integrated with one or more of the other modules/processorsdescribed, for example with speech recognition module 110. In someembodiments, the voice biometric authentication module 111 may be amodule at least partly implemented by the AP 108 which may be activatedby other processes running on the AP 108. In other embodiments, thevoice biometric authentication module 111 may be separate to the AP 108and in some instances may be integrated with at least some of thefunctions of the codec/DSP 107.

As used herein, the term ‘module’ shall be used to at least refer to afunctional unit or block of an apparatus or device. The functional unitor block may be implemented at least partly by dedicated hardwarecomponents such as custom defined circuitry and/or at least partly beimplemented by one or more software processors or appropriate coderunning on a suitable general purpose processor or the like. A modulemay itself comprise other modules or functional units.

The AP 108 may typically be capable of running many differentapplications or software processes and may be configured so thatsoftware processes may be installed from outside sources by a userdirectly into the processor 108 and associated memory 109, for instancevia connector 105 or via the wireless module 106 for example. Thisprovides a route for malicious software (malware) to be installedsurreptitiously, and for this malware to corrupt the operation of thebiometric authentication.

For example, it may be possible that malware may be installed to run onan insecure area of the AP 108 and which may attempt to access a servicewhich requires authentication from the voice biometric authenticationmodule 111. The voice biometric authentication module 111 itself may besecure, in that an authentication signal from the voice biometricauthentication module 111 cannot be faked and in that the voicebiometric authentication module 111 will only generate an authenticationsignal indicating that authentication is successful if the audio inputsupplied to the voice biometric authentication module 111 does match theregistered user. However, it is conceivable that malware may be arrangedto generate false audio data and provide said false audio to the voicebiometric authentication module 111 as if it were genuine audio datafrom a user, the false data being selected to have a chance of beingfalsely recognised as matching the registered user.

For instance, it may be possible for an attacker to defeat voicebiometric authentication by recording a registered user speaking withouttheir knowledge and using such recording later when attacking a secureservice. In practice, it may be quite difficult for a third party to usesome sort of separate recording device to obtain a good qualityrecording of a user without that user's knowledge, but if malware wereinstalled on the user's device, the malware may be arranged to recordthe user's voice (using the user's device) without the user being aware.

To guard against such an attack using a recording of a user's voice, itis known for some applications that use_([LS2]) voice biometricauthentication to, in the event that a request to access a secureservice is received, generate a prompt to prompt the user to say one ormore selected words or phrases. The words or phrases may be selectedwith a degree of randomness so as to vary each time in an unpredictableway. This requires the user to utter the words or phrase correspondingto the prompt. If the correct prompt is then uttered and the voicecorresponds to the relevant user, then the authentication result may bepositive; otherwise the authentication will fail. i.e. produce anegative authentication result.

If malware has been inadvertently installed in the electronic device AP108, then it is possible that the malware may be configured to, unknownto the user, record and/or analyse voice data from the user over time. Auser's audio from an accessory device may be subverted or interceptedand captured by malware as it passes through the AP 108 from the USBinterface 105 to the biometrics module 111. When sufficient data hasbeen recorded and/or analysed, the malware may attempt to access thesecure service. The secure service may then trigger the voice biometricauthentication module 111 to perform authentication. The malware maythen supply an audio signal which is synthesised or formed from thevarious recordings of the user's voice to correspond to the requiredinput for the voice biometric authentication module. If this faked orpreviously-recorded audio signal is good enough, the voice biometricauthentication module 111 will recognise the audio as corresponding tothe registered user and falsely generate a positive authenticationresult.

Embodiments of the present disclosure relate to methods and apparatusthat at least mitigate at least some of the above-mentioned issues. Inparticular, for some embodiments, audio data from an accessory devicemay be authenticated as genuinely having been captured by the accessorydevice.

An example embodiment of a biometric authentication system is shown inFIG. 2 . The system comprises a host device 10 such as a personalcomputing device, a mobile phone, a tablet computer, etc., and acommunicatively coupled accessory device 12, in the form of a headsetdevice 12, such as a headset, earphones, earbuds, etc. The host device10 and the headset device 12 are communicatively coupled via acommunications link indicated at 14. The communications link 14 may beprovided as a wired or wireless data link between the devices 10,12.

The host device 10 may comprise modules as previously mentioned withrespect to device 100 of FIG. 1 . Host device 10 comprises a datainterface 16 for communication with the communications link 14. The datainterface 16 is arranged to allow for data to be input to and outputfrom the device 10. The host device 10 comprises a central controller 18such as an Applications Processor (AP), which is arranged to controloperation of the host device 10. The host device 10 further comprises abiometric authentication module 20 which is coupled with the AP 18, andin some embodiments coupled directly to the data interface 16.

As described above, the biometric authentication module 20 receivesinput audio data, e.g. from a host device microphone (not shown) or froman accessory device 12, and compares characteristics of the receivedaudio data with user-specific reference templates specific to arespective pre-registered authorized user (and maybe, for comparison,also with reference templates representative of a general population).Preferably, the biometric authentication module 20 is a voice biometricauthentication module arranged to perform analysis of a user's voice inthe received audio. Voice/speaker recognition techniques and algorithmsare well known to those skilled in the art and the present disclosure isnot limited to any particular voice recognition technique or algorithm.

In an additional or alternative aspect, the biometric authenticationmodule 20 comprises an ear biometric authentication module, which isarranged to perform analysis of audio data which is characteristic of auser's ear. Such audio data may be audio responsive to a probe signaloutput into a user's ear, or may be the otoacoustic emission receivedfrom a user's ear after appropriate stimulation. Ear biometricrecognition techniques and algorithms are well known to those skilled inthe art and the present disclosure is not limited to any particular earrecognition technique or algorithm.

The headset device 12 comprises a data interface 22 for communicationwith the communications link 14. The data interface 22 is arranged toallow for data to be input to and output from the headset device 12. Theheadset device 12 comprises at least one microphone 24 for receivingaudio. The microphone 24 may be provided as an analogue microphone or adigital microphone. The headset device 12 further comprises aloudspeaker 26 or other suitable audio transducer arranged to outputaudio at the headset device 12. The loudspeaker 26 may output music orother audio communicated from the host device 10. Additionally, theloudspeaker 26 may output an audio signal as part of an ear biometricauthentication process. Such an audio signal may be used to measure theresponse or resonance of a user's ear canal, or to stimulate anotoacoustic emission from a user's ear, which may subsequently beauthenticated in an ear biometric authentication module.

The headset device 12 comprises a cryptographic protection module 32,which is arranged to perform a cryptographic protection of the receivedaudio data. The cryptographic protection may comprise a cryptographicsigning of the audio data, e.g. using a message authenticationcertificate (MAC) or similar approach. The cryptographic signing of thereceived audio may comprise a Symmetric signing of data (e.g. usingHMAC) or an Asymmetric signing of data (e.g. using DSA or ECDSA).

Additionally or alternatively, the cryptographic protection may compriseperforming an encryption of the received audio data.

As the received audio is encrypted and/or signed, it can then betransmitted to the host device 10 as protected audio, where the data canbe decrypted and/or the signature verified at the biometrics module 20,to ensure that the audio on which the biometric authentication is to beperformed is verified as the audio received at the headset device 12.

The cryptographic protection may be performed in real time on thereceived audio data. In a preferred embodiment, the headset device 12comprises a buffer 34 which is arranged to buffer audio received via themicrophone 24. The buffer 34 may be configurable to store a set durationof audio received by the microphone 24, e.g. 1 second, 3 seconds, 5seconds, 10 seconds, etc. The cryptographic protection may accordinglybe performed on the audio data contained in the buffer 34.

While the above-described system performs cryptographic protection ofthe audio signal received at the headset device 12 for later verifiedbiometric authentication of the audio signal, it will be understood thatin an alternative embodiment, the cryptographic protection andsubsequent biometric authentication may be performed on audio datarepresentative of the audio signal received at the headset device 12.For example, some biometric techniques operate based on featuresextracted from an audio signal. As a result, the biometrics module 20only requires receipt of such a feature data version of the audio. Insuch an embodiment, the headset device 12 may be configured to perform afeature extraction on the received audio, to provide afeature-extract-version of the audio which is representative of thereceived audio.

The headset device 12 may be provided with a trigger detector module 36.The trigger detector module 36 is arranged to receive a trigger eventwhich is indicative of a user interaction with the headset device 12.The trigger event may comprise at least one of the following: the outputof a voice keyword detect (VKD) module, from the headset device and/orfrom the host device; the output of a voice activity detect module(VAD), from the headset device and/or from the host device; or a signalarising from detection of some physical user interaction from theheadset device and/or from the host device, such as a mechanical buttonpress from a user of the headset or the host device, a capacitive sensorinput, an ultrasonic sensor input, a proximity detect, etc.

The trigger detector module 36 may act to initialise one or more aspectsof the system on receipt of a suitable trigger event. For example, theprotection, communication and/or subsequent authentication will only beperformed when required by the system, resulting in low-power operation.As the transmission of audio data and cryptographic authentication fromthe headset device 12 to the host device 10 may require establishing arelatively-high-power wireless communication link between the devices:accordingly the use of suitable triggers may allow a low-power always-onoperation of the system.

When it is desired to communicate cryptographically protected audio datafrom the headset device 12 to the host device 10, the system isconfigured to establish a communications link between the headset deviceand the biometrics module on the host device for transmission of thecryptographically protected audio data.

The communications path to the biometrics module may pass through theAP. The cryptographic signing of the audio data may be adequate toensure that the data is not affected, tampered, or substituted by anymalware before arriving at the biometric module.

In one aspect, the system acts to setup a communications link betweenthe headset device 12 at the host device 10, preferably between aprocessor 38 in the headset 12 and the AP 18 in the host 10. Thecommunications link may be over a wired interface such as USB, or awireless or RF interface such as BlueTooth® protocol. A combination ofdata interfaces and firmware in the headset device 12 and firmware inthe AP 18 implements an asynchronous bit-exact data path between acryptographic protection module 32 of the headset 12 and a biometricsmodule 20 of the host 10.

The use of a bit-exact data path ensures that no data is lost betweenthe headset device 12 and the host device 10, allowing cryptographicverification at the host device to operate. The use of an asynchronousdata transfer allows any data that has been temporarily buffered, forinstance during any bring-up latency associated with establishing thecommunications link between the headset device and the biometrics moduleor while awaiting the result of voice activity or keyword detection, tobe transmitted at a relatively high data rate, faster than real-time, toat least partially recover any such latency.

As described above, the audio data received at the headset 12 may betransmitted using a cryptographically authenticated link via thecryptographic authentication module 32, e.g. for the purposes ofbiometric authentication or other processes requiring securecommunications, e.g. voice command recognition.

Additionally, the received audio data may be transmitted using anon-cryptographically authenticated link. Such unsigned or unencryptedaudio data may be used for processes such as voice calls for example toallow the use of established signal routing and call management methods.Also, some signal processing in the headset device 12 such asTransmit-side Active Noise Cancellation (Tx ANC), may be desirable toimprove audio SNR of audio to be sent over the public wireless network,but may introduce spectral coloration that renders the resulting signalpoor for biometric authentication processes. As a result, a paralleltransmission of such processed audio data may be used in addition to thetransmission of the unprocessed, yet signed or encrypted, audio data.

Audio received via the microphone 24 may also be processed by signalprocessing module 28 within the headset device 12 to provide a componentmixer 30 with any audio data received from the host device 10 to berendered through the loudspeaker 26. For example, the received audio maybe used to provide a sidetone signal to compensate for occlusioneffects.

The system may be configured such that responsive to a biometricauthentication, audio playback from the host device to the headsetdevice may be initialised based on the result of the biometricauthentication. The audio playback may be playback of secure informationfrom the host device to the headset, for example an audio user prompt.Additionally or alternatively, the audio playback may comprise audiosettings specific to an authenticated user (e.g. user-specific playbacksettings such as treble, bass, ANC parameters, etc.). The audio playbackmay be via same communications link established for sending the audioand the cryptographic authentication from the headset device 12 to thebiometrics module 20 on the host device 10. For example, the link maycomprise a frame-based data format with defined channels for signedaudio data, unsigned audio data and control data in each transmissiondirection.

The system may be configured wherein the host device 10 is arranged toverify the identity of the headset device 12 before receiving audio datafrom the headset device 12, for example by performing a cryptographicverification of the headset device using public key authentication.

It will be understood that various modules of the headset device, e.g.the signal processing module 28, the cryptographic protection module 32,the buffer 34, and/or the trigger detector module 36 may be provided asseparate elements within the headset device 12, or may be provided aspart of a larger signal processing module 38, such as an audio codecdevice provided in the headset device 12. It will be understood that anaudio codec device may be provided as a circuit which servessubstantially to receive, process, and output (analog or digital) audiosignals. It may include audio ADC, audio DAC and output audio driveramplifiers.

With reference to FIG. 3 , an example method of operation of a biometricauthentication system as described above is as follows:

The headset device 12 comprises an audio buffer 34, which uponinitialisation (step 200) continuously buffers audio received from amicrophone 26 or microphones of the headset device 12 (step 202). Duringthis time, the communications link 14 is in an at least partiallyinactive or low-power state, for reduced power consumption.

On detecting a trigger event (step 204), the trigger event detected atthe headset device 12 or communicated from the host device 10 to theheadset device 12, the headset device 12 initiates activation of thecommunications link 14 (step 206), between the headset device 12 and thehost device 10. The contents of the audio buffer 34 arecryptographically protected by encryption or cryptographic signing (step208). Once the link 14 is active, the buffer contents accumulated duringthe time it took to detect the trigger event and transition the link 14into the active state is transferred from the headset device 12 to thehost device 10 faster than real time using an asynchronous data path,along with any related cryptographic signature for any signed data (step210).

Preferably, the cryptographic protection of the audio data is performedresponsive to the detection of a trigger event. In an alternativeaspect, the system may continually perform cryptographic protection ofthe contents of the audio buffer 34. Such continual protection may beuseful if the buffer 34 in the headset device 12 is vulnerable tomalware or other malicious attacks.

After the buffer 34 is initially emptied, subsequent accumulated buffercontent may be periodically transferred over the link infaster-than-real-time bursts. This period may be much shorter than theinitial time taken to detect the trigger event and wake thecommunications link 14. In-between data bursts, the communications link14 may return to a low-power at least partially-inactive state. It willbe appreciated that such a state of periodically transferring buffercontent may continue indefinitely, as an equivalent to an isochronousdata transport between the headset and the host device.

The host device 10 is configured to verify that the audio datatransmitted via the link 14 and received at the host device 10 is thesame audio data that was originally received at the headset device 12(step 212). This is done based on the cryptographic protection methodused by the system, as described above. For example, the host device 10may verify the cryptographic signature transmitted with the audio data,or the host device 10 may act to decrypt an encrypted version of theaudio data. This verification step is preferably performed in thebiometrics module 20 of the host device 10.

After verification (step 214), if the audio data is verified that it isthe same as originally received at the headset device 12, then thebiometrics module 20 proceeds to perform a biometric authentication onthe received audio (step 218), the result of which may be used in anysuitable subsequent operation of the host device 10 requiring biometricauthentication, e.g. voice assistant command processing, transactionauthorisation, etc.

If the verification of the received audio data fails (step 216), thesystem may act to generate an error message.

It should be understood—especially by those having ordinary skill in theart with the benefit of this disclosure—that the various operationsdescribed herein, particularly in connection with the figures, may beimplemented by other circuitry or other hardware components. The orderin which each operation of a given method is performed may be changed,and various elements of the systems illustrated herein may be added,reordered, combined, omitted, modified, etc. It is intended that thisdisclosure embrace all such modifications and changes and, accordingly,the above description should be regarded in an illustrative rather thana restrictive sense.

Similarly, although this disclosure makes reference to specificembodiments, certain modifications and changes can be made to thoseembodiments without departing from the scope and coverage of thisdisclosure. Moreover, any benefits, advantages, or solutions to problemsthat are described herein with regard to specific embodiments are notintended to be construed as a critical, required, or essential featureor element.

Further embodiments likewise, with the benefit of this disclosure, willbe apparent to those having ordinary skill in the art, and suchembodiments should be deemed as being encompassed herein.

The invention claimed is:
 1. A method for performing biometricauthentication for a system having a host device and a coupled headsetdevice, the host device having a biometrics module for performingbiometric authentication, the method comprising the steps of: a)receiving audio at a headset device; b) performing a cryptographicprotection of the received audio by performing at least one ofcryptographically signing or encrypting the received audio at theheadset device to provide protected audio; c) transmitting the protectedaudio from the headset device to the biometrics module at the hostdevice; d) verifying the protected audio by verifying the cryptographicsignature or decrypting the protected audio at the biometrics module;and e) responsive to said verification, performing a biometricauthentication on the audio at the biometrics module; wherein the methodfurther comprises: performing, at the headset device, audio processingon the received audio in parallel to steps (b) and (c) to generateprocessed unprotected audio data.
 2. The method as claimed in claim 1,wherein the step of establishing a communications link comprisesestablishing a communications link between a cryptographic protectionmodule on the headset and the biometrics module on the host device,which includes a pass-through link via a data processing element of thehost device, e.g. through an Applications Processor of the host device.3. The method as claimed in claim 1, wherein the method comprises thesteps of: receiving a trigger event at the headset device indicative ofa user interaction, wherein at least one of steps (b)-(e) are performedresponsive to said step of receiving a trigger event.
 4. The method asclaimed in claim 3, wherein the step of receiving a trigger eventcomprises at least one of the following: receiving an indication of avoice keyword detection, from the headset device and/or from the hostdevice; receiving an indication of a voice activity detection, from theheadset device and/or from the host device; or receiving an indicationof a physical user interaction, from the headset device and/or from thehost device.
 5. The method as claimed in claim 1, wherein the methodfurther comprises the steps of: buffering the received audio at theheadset device; and responsive to receiving a trigger event at theheadset device, performing at least one of steps (b)-(e) on the bufferedaudio.
 6. The method as claimed in claim 5, wherein the step oftransmitting comprises: transmitting the protected buffered audio fromthe headset device to the biometrics module at the host device using anasynchronous data link.
 7. The method as claimed in claim 1, wherein thestep of performing a cryptographic protection comprises: creating acryptographic digital signature of the received audio, wherein the stepof transmitting comprises transmitting the received audio with thecryptographic digital signature.
 8. The method as claimed in claim 7,wherein the step of cryptographically signing the received audiocomprises a Symmetric signing of data (e.g. using HMAC) or an Asymmetricsigning of data (e.g. using DSA or ECDSA).
 9. The method as claimed inclaim 7, wherein the step of performing a cryptographic protectioncomprises: creating an encrypted version of the received audio, whereinthe step of transmitting comprises transmitting the encrypted version ofthe received audio.
 10. The method as claimed in claim 1, wherein thestep of performing a cryptographic protection comprisescryptographically signing or encrypting the received audio at theheadset device within a CODEC provided in the headset device.
 11. Themethod as claimed in claim 1, wherein the method further comprises thestep of: performing a feature extraction on the received audio, toprovide feature data of the received audio, wherein at least one ofsteps (b)-(e) are performed on the feature data of the received audio.12. The method as claimed in claim 1, wherein the method comprises thefurther step of: responsive to said voice biometric authentication,initialising audio playback from the host device to the headset devicebased on the result of said voice biometric authentication.
 13. Themethod as claimed in claim 12, wherein audio playback may be via thesame communications link established for sending the audio and thecryptographic authentication from the headset device to the biometricsmodule on the host device.
 14. The method as claimed in claim 1, whereinthe step of performing audio processing may comprise performing activenoise control at the headset device based on the received audio.
 15. Themethod as claimed in claim 1, wherein the method further comprises thestep of: at the host device, verifying the headset device prior to thesteps of verifying the protected audio at the biometrics module andperforming a voice biometric authentication on the verified audio at thebiometrics module.
 16. The method as claimed in claim 15, wherein thestep of verifying the headset device comprises a cryptographicverification of the headset device.
 17. The method as claimed in claim1, wherein the step of transmitting comprises: establishing acommunications link between the headset device and the biometrics moduleon the host device; and sending the protected audio from the headsetdevice to the biometrics module on the host device via saidcommunications link.
 18. The method as claimed in claim 17, wherein thestep of establishing a communications link comprises establishing adirect communications link between a cryptographic protection module onthe headset and the biometrics module on the host device, withoutintervening data processing elements.
 19. A method as claimed in claim 1further comprising transmitting the processed unprotected audio datafrom the headset device to the host device.
 20. The method as claimed inclaim 17, wherein the step of establishing a communications linkcomprises: establishing an asynchronous data path between the headsetdevice and the biometrics module on the host device.
 21. The method asclaimed in claim 17, wherein the step of establishing a communicationslink comprises: establishing a wired communications link with anasynchronous communications protocol, e.g. using USB link with a USBSerial endpoint type or any suitable wired communications protocol, orestablishing a wireless communications link with an asynchronouscommunications protocol, e.g. using BlueTooth™ with RFCOMM protocol, orany suitable wireless communications protocol.
 22. A system forperforming biometric authentication, the system comprising: a hostdevice, the host device comprising a biometric authentication module;and a headset device coupled with said host device, the headset devicearranged to (a) receive audio, wherein the headset device comprises acryptographic protection module arranged to (b) perform a cryptographicprotection of received audio to generate protected audio, the headsetdevice arranged to (c) transmit the protected audio from the headsetdevice to the biometric authentication module at the host device, andwherein the biometric authentication module at the host device isarranged to (d) verify the protected audio at the biometricauthentication module, and responsive to said verification, thebiometric authentication module is arranged to (e) perform a biometricauthentication on the protected audio; wherein the headset device isarranged to: perform audio processing on the received audio in parallelto steps (b) and (c) to generate processed unprotected audio data. 23.The system as claimed in claim 22, wherein the headset device comprisesany suitable device arranged to receive audio from a user, e.g. an audioheadset, headphones, earbuds.
 24. The system as claimed in claim 22,wherein the host device comprises any suitable data processing deviceprovided with a biometric authentication module for user authentication,e.g. a mobile phone, a tablet computer, a personal computer.
 25. Aheadset device for performing biometric authentication, wherein theheadset device is configured to be coupled with a host device andwherein the headset device is arranged to receive audio, the headsetdevice comprising: a cryptographic protection module arranged to performa cryptographic protection of received audio to generate protectedaudio, the headset device arranged to transmit the protected audio fromthe headset device to a biometric authentication module at the hostdevice, wherein the headset device is arranged to: perform audioprocessing on the received audio in parallel to performing thecryptographic protection of the received audio, to generate processedunprotected audio data.